Java Enterprise Multilevel Access

1
Java Enterprise Multilevel AccessJEEMA Web
PortalIn partial fulfillment of the requirements
for a Masters of Science Computer
SciencePresented by Patrick D. CookforDr.
Edward Chow Dr. Charlie ShubDr. Jugal Kalita
2
Outline

• Project goals
• Background
• JEEMA
• Performance
• Reliability
• Challenges
• Lessons Learned
• Conclusion
• Demo

3
Project Goals

• Can a single sign-on realize multilevel security?
• Investigate Portlet Technology, in particular
  Java Specification Request (JSR)168, to determine
  if it would facilitate sharing data, at different
  security levels
• Avert the information flow problem, i.e. use a
  single sign on to access to multiple levels of
  classified resources, without compromising the
  multilevel security policy.

4
Background

• Related work, Rationale, Design decisions

5
Related Work

• Portals, Portlets and IPC
• Michelle Osborne (2006)
• Rebecca Twigg (2006)
• Single Sign-on
• Yale University
• UCCS

6
Rationale and Relevance

• The events on September 11, 2001 which spawned
  the 9/11 commissions report
• Hurricane Katrina and Rita in 2005
• Personal experiences
• Military United States Army Battle Staff
• Lockheed Martin Integrated Systems and Solutions
• Raytheon Intelligence and Information Systems

7
J2EE vs. .NET

• When it comes to building distributed web
  applications which can interoperate seamlessly
  between components in platform-neutral way there
  are two leading technologies competing for your
  vote, J2EE and .NET (pronounce dot NET).

8
.NET

• .NET is a Microsoft centric approach that runs on
  Windows platforms but does not fully comply with
  other operating systems.
• .NET is still in its infancy with respect to Java
  and has not reached its tipping point with many
  vendors.

9
J2EE

• J2EE is a platform-independent solution that uses
  the Java programming language and provides
  support for major operating systems
• J2EE is widely supported amongst major vendors
• W.O.R.M
• Write once run many times

10
J2EE Application Servers

• BEA WebLogic
• IBM Websphere
• SunOne Portal Server
• JBOSS

11
Java Portals

• A Java portal is a J2EE conformant technology
  which aggregates resources from disparate systems
  into a common operating environment over the web.
  It generally allows individualized customization,
  facilitates single sign-on authentication and is
  designed to run on multiple platforms JSR168.

12
Portlets

• Portlets are web components that generate dynamic
  content in an autonomous fashion. The autonomy
  is generated by markup fragments such as HTML,
  XHTML, or XML, but the aggregation of the
  fragments are managed by a portlet container.

13
Portlet Container

• In general, a container is software that provides
  out of the box services which developers can
  leverage for initialization, creation, and
  deletion, as well as, resource and dependency
  management JBOSSP.

14
JSR 168

• Java Specification Request 168, originally
  released in October 2003, provides the blueprint
  for developing portal components.
• Portlet Application Program Interface (API)
• Portlet
• PortletConfig
• GenericPortlet

15
JEEMA

• Java Enterprise Edition Multilevel Access
• Web Portal

16
What is JEEMA?

• JEEMA, Java Enterprise Edition Multilevel Access,
  is an acronym for a Java 2 Enterprise Edition
  (J2EE) compliant web portal that champions
  portlet technology to facilitate single sign-on
  authentication to access resources with multiple
  security levels
• JEEMA is based on the Java 2 Platform, Standard
  Edition, which adheres to the Java programming
  language and libraries

17
(No Transcript)
18
JEEMA Test bed Specifications

• Dell Optiplex GX620
• Intel (R)
• Pentium (R)
• CPU 3.20GHz, 3.19 GHz,
• 3.50 GB of RAM
• Physical Address Extension

19
System Specifications

• Microsoft Windows XP
• Professional Version 2002
• Service Pack 2
• Internet Explorer 6.0.2900.2180.xpsp.050622-1524
• BEA WebLogic Workshop
• Version 8.1.5
• Build 2005.0921.20042

20
JEEMA implementation of SSO

• WebLogic Portal Administration
• http//128.198.61.1797001/portalAppAdmin/

21
JEEMA implementation of IPC

• Java Messaging Service APIs
• Uses the listenTo attribute in establishing
  interportlet communications.
• Whenever a portlet is added to a portal, it
  creates an instance this instance has an
  instance label which other portlets listen to

22
Client Request
23
JSP

• ltbodygt
• ltnetuiform action"getMessage"gt
• ltnetuitextBox dataSource"text"/gt
• ltnetuibuttongtSubmitlt/netuibuttongt
• lt/netuiformgt
• lt/bodygt

24
TopSecretController.jpf

• /
• _at_jpfaction
• _at_jpfforward name"simpleForm
  path"topSecret.jsp"
• /
• protected Forward getMessage( Form form )
• try
• publisher.writeMessage(message)
• catch(Exception e)
• e.printStackTrace()
• return new Forward( "simpleForm" )

25
JMS

• private InitialContext jndi null
• private String TOPIC "jmsTopic"
• private String JNDI_CONNECTION_FACTORY
  "weblogic.jndi.WLInitialContextFactory"
• private String JMS_CONNECTION_FACTORY
  "weblogic.jms.ConnectionFactory "
• private String APPLICATION_PROVIDER_URL
  "t3//localhost7001"

26
Performance

• The portlets contained same content but was
  double for each iterations (i.e. 4 portlets, 8
  portlets, 16 portlets, 64 portlets).

27
JEEMA Reliability

• The reliability of the system, R (m), is measured
  in terms of its ability to deliver reliable
  messages to its recipients as portlets increase
  within a web portal.
• This can be defined mathematically as R(m) p/
  m, where p is equal to the number of reliable
  messages and m is the total number of messages.

28
Lessons Learned

• The challenges related to remote development
  (The virtual team)
• Black Box Coding
• Implementing JMS on SunOne and JBoss
• JNDI
• Asynchronous Communication

29
Future Work

• Integration with WSRP 2.0
• Use XACML Decision Points
• Asynchronous Java and XML (AJAX) methodologies

30
Conclusion

• A single sign on can realize multilevel
  security
• The technology is not mature enough in its
  current form for an enterprise solution that used
  for National Security
• It does provides a stepping stone toward upward
  mobility in MLS solutions

31
Questions
32
Backup

• Control Tree
• JMS Configuration